This guide will illustrate howto create PPPoE server in MIKROTIK RouterOS (I used v 5.6 in this example). This article will also demonstrate on how you can create your automated pre-paid billing solution for users using Mikrotik’s User Manager. This basic RADIUS Server a.k.a USERMAN can be used for any ppp service like VPN/PPPoE/HOTSPOT.

My Note:
I must state that the USERMAN solution is not a reliable one, You cant rely on it on a large/production server. But after all its free package come along with the mikrotik, so dont expect much from it, IMO its suitable for SOHO. If you want real features related to ISP , Better to USe 3rd Party Radius server like DMASOFTLAB which is feature rich radius built to perform 🙂

It will also show you how to create a 30 days limit account with 256Kbps speed limit.

Now at user end, create a pppoe dialer and connect with the id = zaib and password = 1234
(Howto create pppoe dialer

http://www.petri.co.il/configure_a_pppoe_dialer_in_windows_xp.htm

If all goes fine, you will start surfing the internet smoothly 🙂

Now we will move to mikrotik billing system using its built-in radius called USER MANAGER.

MIKROTIK USER MANAGER WITH BILLING SETUP

We can setup a RADIUS server in mikrotik using its built-in radius server called User Manager. UM is a nice web-based billing manager package to compliment hotspot / pppoe / vpn authentication solution in RouterOS. It is RADIUS based component so it can provide centralised management to single or multiple RouterOS based NASes.

Now we will first configure user manager and then later we will integrate it with our pppoe server so all authentication will be done via UM.

Open your web browser and point it to http://10.0.0.1/userman
You will see user manager authentication screen, Now enter admin id and password and you will be forwarded to main UM screen like this.
Note: If default admin password doesn’t work out, change the password by following command

Now click on Profiles, on your right window, click on + sign (beside profile)

For test purposes, we will add one profile with 256Kbps speed limit, and 30 days UP Time limit. You can add many packages as per your requirements later, once you understand how thins works here)

Now we want to add 256Kb / 30days Limit Package, Name it 256k.

* in ‘Name for users‘ type ‘256k’
* in ‘Validity‘, type ‘4w2d’ (for 1 month validity)
* in ‘Starts‘ , select ‘At First Logon‘ (User time will start when users first login)
* in ‘Price’ enter the amount at which you sell this package to users. e.g 400
* in ‘Shared Users’ select ‘1’ (so single ID cannot be used from multiple computers simultaneously)

Now Save Profile. (See attached Screenshot)

um-add-profile-zaib

Now We want to add Bandwidth Limitation to this profile, goto ‘Limitations’ and click on ADD ,
A new window will appear

Profile, clien on ‘Add New Limitation’ and and click on ‘256k Limit’ and

click ‘ADD’ button. (See attached Screenshot)

Done, your first package with 256k Limit and 30 Days uptime limit is created. Now we will Add new user and tag them with this new 256k profile.

Goto Users, and click on ADD / One (to add single user).

* in ‘Username’ type ‘zaib’
* in ‘Password’ type ‘1234’* in ‘Constraints’ check on ‘Called ID’ Bindon first use. This options is good if you want to bind user id with first detected MAC address, if you don’t want to bind , leave this option as it is.
* in ‘Assign profile’ select ‘256k’ profile and click on ADD button to finish.(See attached Screenshot)

Now that we have finished our basic work with UM, its time to integrate it with Mikrotik, so that all Mikrotik PPPoE authentication will be done via UM.

! COMPLETED !

Now from client end, connect with Users id ‘zaib’ and password ‘1234’ that you created via UM. It should connect fine. After first connect, this ID will expires in 30 days and bandwidth limit will be 256kb download and 128kb upload.

To view status/change password etc, from client side, point the browser to

http://10.0.0.1/user

OR

http://192.168.2.1/user

[depend on ip series.

If you need any assistance, Do let me know.

TIPS n TRICKS for USER MANAGER

USER MANAGER: UNABLE to OPEN DATABASE ERROR

IMHO, USERMAN is like a abandoned product & should not be used in serious environments. When we mix different roles in one box, such results are common. Use Router for Routing purposes 👣 , , Do not use it as a Database system.
For proper AAA, use external billing like freeradius

If you are getting error in mikrotik LOG windows

unable to open database file

There are some other short term solution for it, but try following STEPS for reliable results ..

OK, i’ll try 🙂 Sorry for my “Ping English” I just started 🙂
If i understand correctly it’s possible to limit users by checked total amount of time in the internet. But is it possible to limit the internet usage time for one login? I mean after logining in user has only 2 hours for the internet usage not for total time. For ex. i generated user with 2hours of inet.usage. User logged in 16:00 but user did’nt used intet from 17:00 till 18:00 but login anyway will expire at 18:00. Now it’s more clear? 🙂

Unfortunately this is possible only in one way. If we set up-time to 2hrs only, this way his id will be expired in 2 hours after first login. id expires means his account will be disabled after 2 hours , he will not be able to use it next day. This is limitation of User Manager. The package you want can only be achieved via using 3rd party radius manager like DMASOFTLAB RADIUS MANAGER.

Another workaround is that you car create a monthly package with 2 hours daily timing, but timings must be hard coded in profile limitation, like user can login to server from 12:00 pm -2:00 pm.

Or try to post your query in mikrotik forum, maybe some one have other workaround for this.

About same problem with MK and userman. Id will not expire in 2 hours if user pressed log off (of course) and if your has disconect from hotspot SSID. When user login back after few minits/hours left time is go on from same time when user disconnected. So, seems like problem with recived disassoc on AP when user connects to other SSID or disconnects from hotspot SSID.
My config: MK RB1100 as DHCP for hotspot, hotspot, radius,userman, VLANx. AP RB411 with 2 SSIDs on different VLANs, bridged WLAN with ETH. First VLANy is secured and DHCP on other router. Second VLANx on VAP without security and goes to RB1100 via trunked VLAN.
So any idea how to make ID expired after 2h after first login? 🙂 I know about 3rd party user manageres….

I have never used TEKRADIUS , but it sounds like MS windows base radius server and I am sure it won’t be much reliable.

Any how search its forum , Either bind user id with fix ip, so when a user is already logged in, and another user with same id tries to login, he will get the same ip and thus ip conflict will occur and net for second user will not work. or bind user ID with specific ID, These are geneal ideas to restrict users, How it will be don TEKRADIUS, you have to search there forums.

I have a question related to the article discussed here. I am using MT winbox 4.5 given to me by the company from where i bought my equipement. I followed one of your tutorial to create hotspot for user authentication and Alhadolillah i was able to do it successfully. Thanks for the tutorial. Now in the next phase i want to add functionality for billing. Since my system is pretty small right now, i am using 2 Dell Gx280 pcs. 1 is running windows server 2003 and is handling the ftp. the second one has centos and is handling cache. i want to add the billing / voucher system in my setting. Can you please suggest me a way to do it. i am not good at linux so please help me.

2# You can Bind User’s MAC Address with his ID manually, OR you can choose an option “BIND ON FIRST USAGE’, which means that When users first Login , HIS MAC Address will be automatically bind with his user ID.
But use the latest version of Mikrotik for this functionality, which means BUY the LICENSE 🙂 , get LEGAL,

Salam,
Sir I am a daily reader of your blog. It is very useful for learners and students like me. I follow your article and successfully learnt how to implement PPPoE server using mikrotik 3.3. The problem I am facing is that MT is not installing User Manager. I downloaded the x86_3.3_packages.zip and uploaded in usermanager.npk to files section and then reboot the MT but It does not install usermanager.
Kindly help me.

Mikrotik 3.30 comes with user manager pre-installed by default, you don’t have to add it manually. Unless you have specifically unchecked it at the time of installation.

There are few ways to add user manager.

1) Re-Install Mirkotik “3.30” and make sure you Check / select usermanager at the time of installation.

2) Download the 3.30 compatible usermanager in NPK package, upload it to FILES section and then simply reboot,
(While rebooting check the mikrotik screen, you will see its installation or error , note it down , it will be useful for troubleshooting.

pppoe clients connecting well but internet is not access-able .
when i access ip 192.168.5.1 (tplink loadbalancer) from pppoe client side browser display tplink page
means my pppoe clients are eligible to access my load balancer page but internet is not working

i guess some thing is missing in dns or should i have to attack proxy server with mikrotik pppoe server if yes
then please send me configuration to forward NAT request to proxy server .

one more thing when i check nslookup yahoo.com it shows yahoo server ips
but when ping yahoo.com msg appears destination net unreachable reply from 10.0.0.1
please consider these troubles and shoot them out from my network…………..thxxxxxxxxxxxxxx

If you are able to resolve domain name in nslookup, it means your DNS server is working fine.
You need to add default GATEWAY on your mikrotik, and if clients are connecting via pppoe they will work fine, and if clients are securenat, then they must use dns/gw pointing to mikrotik.

Asalam-o-alecum
sir i m using Mikrotik 3.20 PPPoe every thing is working fine but when i configure userman for log my client pc is connect and disconnect in 1 sec and show error check network protocol and when i see log is userman it show client ip ,host ip , authentication success etc … whats the problem ? plz help me
2nd how can create profile in 3.20 userman ?

This USUALLY means there is a problem obtaining an IP address. Check to make sure that in pppoe profile , you have both local and remote IP space being assigned (local means enter the ip of mikrotik). and in remote , select the pppoe ip pool.

Also
Goto PPP > PPPoE Server >
in PPPoE Service, make sure you have selected *ONLY* “pap” in Authentication section.

yes i check it local and remote ip both configure ok and pppeE server only pap Authentication .
when i create profile > secret via winbox client pc connect everything is fine but no log show in userman >log
how can add user in this profile in 3.20 userman ? bcoz 3.20 userman has no profile tab.

hi,
this is rehmat ali have to ask that, how i cache web sites in mikrotik without enabling proxy server means i use dns and dns working fine but i have little browsing issue so thats y i have to enable cache.

If you don’t wan to cache in mikrotik, add external proxy support like add squid with mikrotik, and route only http request to squid server.
Without any kind of proxy, you cant cache web sites. You need proxy server at any end.

thxxxx, i configured proxy on microtik and cache works fine but my mikrotik os install on drive 80 gb sata1 and other sata2 is 1.5 Tera bytes i want to proxy to use sata 2 drive , is it possible please tell me if it is in any possibilities.thanks man

i have 4 wan link (wan 1 =192.168.1.1)(wan 2=192.168.2.1)(wan 3=192.168.3.1)(wan 4=192.168.4.1) connected with 4 wan tplink loadbalancer (tplink balancer ip=192.168.5.1) (mikrotik wan ip=192.168.5.2 network=192.168.5.0 ethr=ptcl in) (mikrotik route = src=0.0.0.0/0 gateway=192.168.5.1 check gateway=ping) when ppp client ping 192.168.1.1 or any wan port ping is not responding request time out occur and some time it work well but on the same time when ping not responding i connect load balancer with single pc ping reply in 1ms and not breaking. is mikrotik is net recommended to connect load balancer or some configuration problem i have, please guide me as soon as possible i m thank full to you,

Hello sir,
please i am facing serious issues concerning mikrotik user manager version 5.13. in the winbox, i dont see session time. How can get this done, and what is the best way to integrate user-manager and hiotspot in the same box. I am using rb750G with wireless.

I have a mikrotik with radius manager. I had a disgruntled employee remove some settings on the mikrotik prior to leaving our organization. So am unsure if the system is working as required for the basic setup. Would you be willing to assist me in verifying? I do not think the pppoe is applying the proper Ip pool range and queues…any input would be much appreciated!

I have a RB1100 microtik v5.16, and am having a problem with the authentication. On checking the usermanager logs , I see the login attempts logged as ‘start stop’ meaning the queries are going through. Secret is okay and the password is fine.
If i use a local secret all is well, thus problem must be with usermanager.
Any suggestions?

Depends on the network scenario and number of users. I have number of bad experiences with the HOTSPOT at various cable.network setup. It requires extra security with wisely configured firewall otherwise it can become real headache when number of users exceed. However its very good in terms of advertising your network, and ease of use, You can use other devices like iphone, mobiles etc.

I personally prefer PPPoE which is most secure and stable but people with other devices won’t be able to use it because usually other devices like mobile or ipad type don’t support dialing. Its a very long debate on which method is best, its all depend on the network scenario and also on your expertise.
Try with Hotspot.

Hi bro
I am also facing same problem.i have configured pppoe server and um on same rb,i have created policy and user.Bt id created in um doesnt login giving 691 error.authenticated failed radius timeout on rb log report.

I have given 127.0.0.1 IP on router.But i am still facing this problem.
can you help me out.

Hi sir,
I have a RB750 and a RB450. I created ppp user and secret and able to loggon well thru pppoe dialer. But when I configure user manager I face problem. If I have IP 127.0.0.1 as the ROuter IP in UM I can loggon easily from the user created in UM but otherwise it give error of invalid username and password.
I am giving the details which I have:
1. Wan IP 172.172.12.5 and gateway 172.172.12.1 connected to ether1.
2. LAN IP Pool 172.172.1.2-172.172.1.254 on figured on ether 3
3. In PPPoE Local Address i have given 172.172.1.1 and the Remote address as pool1.

i have configured pppoe server on rb 750.i have even installed um,created policy and user.bt after dailing from pppoe dialer i m getting error of 691,username password or the selected authentication protocol is not permitted on the remote access server.kindly tell me wht i have missed.pls help

salam,i have mt rb 750 with version 5.4. i didnt understand what you said,”no valid profile found to user,expired”.user manager linked to hotspot,mikrotik 5.18. my rouer local ip 192.168.88.*** and wan ip is 111.125.***,***. user manager opens with ip 192.168.88.***/userman.profile,limitation,user created as per shown in the link.but when i dail user from pppoe client with the service name given i get the error username password or the selected authentication protocol is not permitted on the remote access server.
i want my users to login through usermanager,i can manage the activities via usermanager.
Is hotspot required,coz i have created a pppoe server.
kindly help.i want to open the line urgently.

salam,thanks for your suggestion.user id created on usermanager cannot login.giving error of 691. where i am going wrong.which ip shall i give in um router.can you send me the setting to be changed.along with pppoe server and um on rb750.

RB750 is no way different then other version or RB.
There must be some mistake in configuration, Check with the Mikrotik RADIUS tab and UM Router Config. Check Logs, they will help you in diagnostic the problem.

I’ hve tried to make it onn Mikroik 3.30 but I got a difierent GUI [annel in UserManger then you had describe on this page??? I can found Profile in GUI ?? plz help what version I have to use for bIlling

I need some help with the expiring / resetting of accounts at end of each month. At the moment in UM under Users, in the users Till time field it reads “10/21/2012 08:13:04”. I want the users account to reset end of each month. In the profile, I used 4w2d for validity.

Mikrotik disappointed me in many cases and blessed me as well. I seriously need help in some regards to satisfy my requirement, Can you help me plz. i will be waiting for a positive response from your end soon……

salam,
am new to mikrotik and am still learning but i need your help to put password on my admin account. For now anybody can logon with username: “admin” without a password. i realy wish i could stop this.

thanks very much. but am referring to a situation where some one is able to log on to my hotspot with just a user name admin( without a password), not the winbox but hotspot user account. will be very glad if u can help me.

hi, thanks very much for u help. u are so kind. i actually reset my rb751u 2HnD, since then i have been able to reconfigure it and i have internet on the rb wireless via. my problem is that, when i connect my nanostation to it through cable, there is no internet access. can u help me please. even when i connect cable the mikrotik to my laptop i cant have internet access. the router board is set up as a hotspot.

Thank you for the great forum on using Mikrotik with Radius Manager it has been extremely helpful to say the least. I wanted to know if you are able to help me setup Mikrotik RB450G to be used with three (3) Ubiquiti Rocket M5 (5GHZ) AP/ Sector Antennas each connected to one port each on the RB450G and the WAN port of the router connecting back to Radius Manager using pptp for user authentication, billing,etc. I am currently using Radius Manager version 3.7 but just wanted a standard setup to follow as an outline to follow if I needed to duplicate the configuration again.

Another thing is that I am not sure what would be best to use as in PPPoE or HOTSPOT. I would like to configure it for PPPOE to use with the Radius Manager but I am unsure as your opinion would be greatly appreciated. If you can please help me I would greatly appreciate it.

Hi sir very interesting this pppoe server project .I would also want to set a pppoe server following your tutorial but my problem is that have a /22 public ip (just get connected to optic fiber and also use bgp4…) then I would like to assign publics ip to lan (but with wan and Lan on the same network) can you please point me how i can achieved it? Thanks in advance

You don’t have to use NAT rule in this case. Mikrotik without NAT rule works like a ROUTER.
At mikrotik forum, there are lot of examples available on howto use live ip pool for local lan users via mikrotik.

Hi Jahanzaib sir Good day!. i have 2 mikrotik router 1st Rb450 with the bandwidth speed of (2Mb) & 2nd Rb2011 with the bandwidth of (500k) these 2 router is in different location. I want to forward the full bandwidth of 2 Mb to my 2nd router, What will be the setting in both router to make this scenario? Thank in advance

Dear Jahanzaib bahi. My user manager was work perfectly but when i made my lan to bridge with same ip for geting mac address of all those users who are on different APS whch are connected to 5ghz loops my redius is not working its says redius server is not responding. please tell me what should i do to resolve this issue ? coz i need my bridge i can’t leave bridge coz if i ll leave bridge then i ll not get ips from my other clients which are not directly connected to my mikrotik.

hello sir.
i am aware rb750G supports on 20 concurrent customers,but still i would like to go for rb750g with um.
can u guide abt NAS/raduis.i have tried giving 127.0.0.1 ip in um as wel as in radius ip

do i have to disable pppoe server which i have created.
to add to my further knowledege which is best rb to support 100 concurrent customers.

There will be no gateway , the default gateway will be the mikrotik server ,its point to point link, you have to configure the proper NAT rule on mikrotik so pppoe connected users should be able to get through it.

I am planning to install Mikrotik Latest version 5.22 on ESXi with 2GB of RAM and planning to handle the live users capacity of 500. Do you suggest the builtin RAIDUS to handle 500 live users with above config? and also i am planning to configure webproxy cache if possible.

# First of all I will not recommend to use USER MANAGER to store Users for this number of users. User Manager is still in development phases and it do have few bugs and its not suitable for live production environment for 500 users. Its ok to use it in smaller network.

# Add external proxy along with Mikrotik like SQUID to redirect all http traffic from mikrotik to proxy. You can use SQUID an mikrotik in Same physical machine using virtualizing technology with ESXI server. Mikrotik Builtin web proxy is not designed to handle heavy load. So its better if you use SQUID , there are other benefits also of using squid that i tcan be modified and its highly customizable to fit your requirements.

i understand based on yours posts, That the DMA RADIUS is the better one to go as external RADISU. But can please suggest me, If i go for that, Is it possible through the DMA creating the public IP addresses with the bandwidth control (which is from my WAN pool from service provider) for corporate users.

Yes its possible to use PUBLIC ip address. Just create public IP pool in Mikrotik/DMA and in user properties assign this pool or singel ip of your choice.
Rest of work is done by Mikrotik if you have configured it properly already. No need to worry.

Thanks for reply. For DHCP to work with radius and UM i have to create user by their mac. And UM user profile does not have any room for DNS entry, only MT PPP profile has it. Thing is, i want to introduce limited internet (transfer limit) for the users who r downloading and using p2p 24/7. All the users r already connected to mt via cable. I want to give pppoe for the heavy downloader from the users. So, i’ve created one pppoe-in interface, added a pppoe server, configured radius and UM, created ip pool, created user profile and limitations with ip pool in UM, added users in UM. Added one rule in forward chain accepting the ip pool. Already masqueraded all addresses to wan interface.
PPPoE users can connect, no problem with it, but no internet for them. For other users everything is ok. What is wrong?

For DHCP to work with radius and UM i have to create user by their mac. And UM user profile does not have any room for DNS entry, only MT PPP profile has it. Thing is, i want to introduce limited internet (transfer limit) for the users who r downloading and using p2p 24/7. All the users r already connected to mt via cable. I want to give pppoe for the heavy downloader from the users. So, i’ve created one pppoe-in interface, added a pppoe server, configured radius and UM, created ip pool, created user profile and limitations with ip pool in UM, added users in UM. Added one rule in forward chain accepting the ip pool. Already masqueraded all addresses to wan interface.
PPPoE users can connect, no problem with it, but no internet for them. For other users everything is ok. What is wrong?

Asalam-o-alecum , jahanzaib bhai i have configure mikrotik 3.22 PPPoe server with (Wan =public ip) and (Lan = 10.10.10.1/24) ppp ip-pool (192.168.1.1)
i need to online my webserver (Lan ip = 10.10.10.2 ) pppoe ip (192.168.1.10) what can i do for local webserver online when i access by public ip ?
i have access my mikrotik webpage from external network by public ip , i also create port forwarding rule in Firewall but i can’t access my webserver outside the network . i have change my webserver port 81 please help me what can i do ?

Dear Sir,
i have purchased 450 g mikrotik router and i upgrade to 5.25 and install ppoe conf as your defnition. when ppoe user connected to router pppoe user dynamic queue going to under simple static queue. but does not showing any traffic in tx rx and when we move ppoe dynamic queue above the simple static queue is working perfectly.but every time we moving it mannualy .pleasw give me the permanant solution

First of all very very thanks to you for quick reply.Sir Actually its well working previously i am using this same config in mikrotik x86 5.20 .After exporting all conf from x86 to import 450 g 5.25 the problem was started. i am using static queue for some public ip customer and local ip customers without usermanager with priority based.

I am using mikrotik and wondering that if you could help me – as per government push, we have to resolve each and every client ip and its not possible to allocate static ip pool to pppoe service but as you know in mikrotik if we use hotspot service, it resolve ip of client in bracket i.e Static IP [192.16.16.2] manner if user check their ip on web such as dnsstuff.com or so.

it will be really helpfull if you could focus some light on this topic.

raidus is not respoinding occurs due to variety of reasons.
IN Userman router section and in Mikrotik RADIUS section, use the SAME ip address, preferably local, Make sure you have entered the correct SECRET at both end. this is the most common cause.

If its just a demo testing, we can have a remote session of this mikrotik either via Team.v or live ip, and we can fix it. Dont share any IP or Password info on the comments, contact me on email > aacable [at] hotmail.com

I setup pppoe to distribute public ip /29 from eth1 through eth4 and across a wireless bridge to cpe. That works. The connection sends public ip to client computer as /32 address using the public-pool but with subnet mask=ff.ff.ff.ff and GW=0.0.0.0. Then the address is not ping-able from public side of network and also, the client with the pppoe address can not access the internet. Eth1 address is public ip/29. Eth4 address is 10.x.x.x – wireless link is Ubnt clear bridge w WDS. The pppoe server is on interface Eth4. Any suggestions?

possible reasons are.
radius is not configured
user manager or your external have no entry for your mikrotik nas
radius timeout value is set to too low, if using external radius set ti at least 2000 ms
radius secrets are not matched

Hi,
Thank you for your share.
I want to setup for Captive portal with RadiusDesk+Mikrotik RB450G+MikrotikRB912Gx3 (AccessPoint)
RadiusDesk is setuped. RB912G is setuped to AP mode. RB450G is setuped and connecting intenet.

How can I config radiusDesk and RB450G integration for user authentication (is pppoe required)?

AoA, Sir
can u please guide me that i am using Mikrotik OS and i want to install radius manager with hotspot along with external squid proxy server. please let me know how is it work under this senario.

Sir,i want your help.i have configured pppoe server with pofiles and secrets.user can connect to internet.even i can monitor real time bandwidth utilization of clients.as i am not using usermanager for accounting purpose.i have another server called log2space,where accounting and client utilization is stored for limited and unlimited plans.i want users to connect on mikrotik and log2space server will store and save clients utilization.

Log2space server has inbuilt radius and pppoe service.
how can i do it.pls help.

Assalam Alikum Brothers.
i need your help, i am using two different WAN Connection one is DSL and other is PPTP. i have balanced the load throught Mikrotik 5.18 ROUTER OS. now i want to enable the sharing of my PPTP WAN can any one help me?

What i need to do, if I want to give a to a client an IP by WAN IP range
================
My case
I have an IP subnet 213.207.51.208/28
My mikrotik has .210 on WAN port
I have configured userman for PPPoE Server and HotSpot, everything is OK.
But problem start when I want to assign to one of my ppp client an public IP 213.207.51.115, this was not a problem when users where configured on mikrotik!

sir my question is,public ip pool is set,client gets a public ip address once connected via pppoe. we can check the customer real time bandwidth utilization in MK,but is it possible for client side ?
This is because clients complain of slow speed or download rate,where as we can see the actual data transfer rate as per the given bandwidth capex.
Client shall put the ip address in the broswer insert the username password alloted n check the bandwidth utilization.

I have been able to setup radius manager and everything is working but any time I try logging in from mikrotik with RM accounts, it tell’s me Radius server is not responding. I have watched series of tutorials and their configuration was through PPPoE and and I am not using PPPoE. Please help me out. Thank you

i create ppoe server with userman and after that create user and connect with user name and password that work fine (as u show in ur post), but my problem is that if i manually change LAN IP (set any IP from ppoes pool) then internet is connected without any authentication and get access to all my bandwidth without showing any active user in my ppoe server. kindly guide me to solve this issue

then you have done serious security miss configuration. the pppoe pool must be different subnet pool. the one which is not being used on any interface of your mikrotik. then in NAT, allow only pppoe pool. this way only connected users will be able to get the pool ip, and will be allowed, rest of users even f they change hte ip they will not get access because they will not see corresponding subnet interface ion mikrotik withotu conencting.